Merge pull request #69 from senky/ad-code-analysis
Ad snippet analysis
Showing
15 changed files
with
689 additions
and
4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
<?php | ||
/** | ||
* | ||
* Advertisement management. An extension for the phpBB Forum Software package. | ||
* | ||
* @copyright (c) 2017 phpBB Limited <https://www.phpbb.com> | ||
* @license GNU General Public License, version 2 (GPL-2.0) | ||
* | ||
*/ | ||
|
||
namespace phpbb\ads\analyser; | ||
|
||
class manager | ||
{ | ||
/** @var array Ad code analysis tests */ | ||
protected $tests; | ||
|
||
/** @var \phpbb\request\request */ | ||
protected $request; | ||
|
||
/** @var \phpbb\template\template */ | ||
protected $template; | ||
|
||
/** @var \phpbb\language\language */ | ||
protected $lang; | ||
|
||
/** | ||
* Construct an ad code analysis manager object | ||
* | ||
* @param array $tests Ad code analysis tests passed via the service container | ||
* @param \phpbb\request\request $request Request object | ||
* @param \phpbb\template\template $template Template object | ||
* @param \phpbb\language\language $lang Language object | ||
*/ | ||
public function __construct($tests, \phpbb\request\request $request, \phpbb\template\template $template, \phpbb\language\language $lang) | ||
{ | ||
$this->tests = $tests; | ||
$this->request = $request; | ||
$this->template = $template; | ||
$this->lang = $lang; | ||
} | ||
|
||
/** | ||
* Test the ad code for potential problems. | ||
* | ||
* @param string $ad_code Advertisement code | ||
*/ | ||
public function run($ad_code) | ||
{ | ||
$results = array(); | ||
foreach ($this->tests as $test) | ||
{ | ||
$result = $test->run($ad_code); | ||
if ($result !== false) | ||
{ | ||
$results[] = $result; | ||
} | ||
} | ||
|
||
$this->assign_template_vars($results); | ||
} | ||
|
||
/** | ||
* Assign analyser results to template variables. | ||
* | ||
* @param array $results Analyser results | ||
*/ | ||
protected function assign_template_vars($results) | ||
{ | ||
foreach ($results as $result) | ||
{ | ||
$this->template->assign_block_vars('analyser_results_' . $result['severity'], array( | ||
'MESSAGE' => $this->lang->lang($result['message']), | ||
)); | ||
} | ||
|
||
$this->template->assign_var('CODE_ANALYSED', true); | ||
} | ||
} |
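Review bot: `$request` is injected and stored in `__construct()` but nothing in this class reads it, so the dependency and the matching `'@request'` argument in the service definition can be dropped unless a later change needs them. The `@param array $tests` docblock also disagrees with the wiring, which passes a `phpbb\di\service_collection`; `@param \phpbb\di\service_collection $tests` would be accurate. In `assign_template_vars()` the block name is built from `$result['severity']` without any check, so a test returning a severity the template does not loop over would presumably have its finding dropped silently; a guard such as `in_array($result['severity'], array('notice', 'warning'), true)` would surface that.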
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
<?php | ||
/** | ||
* | ||
* Advertisement management. An extension for the phpBB Forum Software package. | ||
* | ||
* @copyright (c) 2017 phpBB Limited <https://www.phpbb.com> | ||
* @license GNU General Public License, version 2 (GPL-2.0) | ||
* | ||
*/ | ||
|
||
namespace phpbb\ads\analyser\test; | ||
|
||
class alert implements test_interface | ||
{ | ||
/** | ||
* {@inheritDoc} | ||
* | ||
* Javascript alert() test. | ||
* This test checks for the presence of alert() in an ad code. | ||
* There is no reason why ad would trigger alert, so it's | ||
* categorized as warning. | ||
*/ | ||
public function run($ad_code) | ||
{ | ||
if (preg_match('/alert\s*\(/U', $ad_code)) | ||
{ | ||
return array( | ||
'severity' => 'warning', | ||
'message' => 'ALERT_USAGE', | ||
); | ||
} | ||
|
||
return false; | ||
} | ||
} |
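Review bot: The pattern in `run()` has no word boundary, so any identifier that merely ends in `alert` followed by `(` is reported as ALERT_USAGE; `preg_match('/\balert\s*\(/', $ad_code)` avoids that. The `U` modifier can go as well, since it does not change whether this pattern matches. The docblock should also say that this is a textual heuristic shown to the administrator and not a filter: only the literal call form is matched, so a clean result does not show the ad code opens no dialogs.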
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
<?php | ||
/** | ||
* | ||
* Advertisement management. An extension for the phpBB Forum Software package. | ||
* | ||
* @copyright (c) 2017 phpBB Limited <https://www.phpbb.com> | ||
* @license GNU General Public License, version 2 (GPL-2.0) | ||
* | ||
*/ | ||
|
||
namespace phpbb\ads\analyser\test; | ||
|
||
class location_href implements test_interface | ||
{ | ||
/** | ||
* {@inheritDoc} | ||
* | ||
* Javascript redirect using window.location.href test. | ||
* This test checks for the presence of redirect in an ad code. | ||
* There is no reason why ad would redirect user to another page, | ||
* so it's categorized as warning. | ||
*/ | ||
public function run($ad_code) | ||
{ | ||
if (preg_match('/location\.href(\s)*=/U', $ad_code)) | ||
{ | ||
return array( | ||
'severity' => 'warning', | ||
'message' => 'LOCATION_CHANGE', | ||
); | ||
} | ||
|
||
return false; | ||
} | ||
} |
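Review bot: `/location\.href(\s)*=/U` in `run()` also matches comparisons such as `location.href == url`, so code that only reads the location gets a LOCATION_CHANGE warning; `'/location\.href\s*=(?!=)/'` restricts the match to assignments. Coverage is narrow for a redirect check, because assignments to `location` itself and calls to `location.assign()` or `location.replace()` are not examined. Either widen the pattern or state in the docblock that only the `href` assignment form is detected, so an empty result is not read as "no redirect".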
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
<?php | ||
/** | ||
* | ||
* Advertisement management. An extension for the phpBB Forum Software package. | ||
* | ||
* @copyright (c) 2017 phpBB Limited <https://www.phpbb.com> | ||
* @license GNU General Public License, version 2 (GPL-2.0) | ||
* | ||
*/ | ||
|
||
namespace phpbb\ads\analyser\test; | ||
|
||
class script_without_async implements test_interface | ||
{ | ||
/** | ||
* {@inheritDoc} | ||
* | ||
* Synchronously loaded scripts test. | ||
* This test looks for scripts that aren't using `async` attribute | ||
* to load itself asynchronously. Such scripts slow down page rendering | ||
* time and should be made asynchronous. | ||
*/ | ||
public function run($ad_code) | ||
{ | ||
if (preg_match_all('/<script(.*)src(.*)>/U', $ad_code, $matches)) | ||
{ | ||
foreach ($matches[1] as $match) | ||
{ | ||
if (!preg_match('/ async/', $match)) | ||
{ | ||
return array( | ||
'severity' => 'notice', | ||
'message' => 'SCRIPT_WITHOUT_ASYNC', | ||
); | ||
} | ||
} | ||
} | ||
|
||
return false; | ||
} | ||
} |
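Review bot: Only `$matches[1]`, the text between `<script` and `src`, is searched for ` async`, so a tag written as `<script src="…" async>` is reported as SCRIPT_WITHOUT_ASYNC even though it loads asynchronously. Capturing the whole tag fixes this: `preg_match_all('/<script\b([^>]*\bsrc\b[^>]*)>/i', $ad_code, $matches)` together with `if (!preg_match('/\basync\b/i', $match))`. The `[^>]*` form also handles attributes split across lines, which `.` without the `s` modifier does not, and `/i` covers upper-case markup.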
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
<?php | ||
/** | ||
* | ||
* Advertisement management. An extension for the phpBB Forum Software package. | ||
* | ||
* @copyright (c) 2017 phpBB Limited <https://www.phpbb.com> | ||
* @license GNU General Public License, version 2 (GPL-2.0) | ||
* | ||
*/ | ||
|
||
namespace phpbb\ads\analyser\test; | ||
|
||
/** | ||
* Interface for ad code analysis tests | ||
*/ | ||
interface test_interface | ||
{ | ||
/** | ||
* Test ad code for potential problems. | ||
* | ||
* @param string $ad_code Advertisement code | ||
* @return mixed List of notices and warnings or false when there are none. | ||
*/ | ||
public function run($ad_code); | ||
} |
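Review bot: The `@return` description on `run()` does not match the implementations in this commit, which return a single associative array with `severity` and `message` keys rather than a list of notices and warnings. I would document it as `@return array|false Array with 'severity' and 'message' (language key) entries, or false when the test finds nothing`. It would also help to name the severity values implementers may use (`notice` and `warning` are the ones used here), since the manager turns that value into a template block name.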
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
<?php | ||
/** | ||
* | ||
* Advertisement management. An extension for the phpBB Forum Software package. | ||
* | ||
* @copyright (c) 2017 phpBB Limited <https://www.phpbb.com> | ||
* @license GNU General Public License, version 2 (GPL-2.0) | ||
* | ||
*/ | ||
|
||
namespace phpbb\ads\analyser\test; | ||
|
||
class untrusted_connection implements test_interface | ||
{ | ||
/** @var \phpbb\request\request */ | ||
protected $request; | ||
|
||
/** | ||
* Construct an ad code analysis manager object | ||
* | ||
* @param \phpbb\request\request $request Request object | ||
*/ | ||
public function __construct(\phpbb\request\request $request) | ||
{ | ||
$this->request = $request; | ||
} | ||
|
||
/** | ||
* {@inheritDoc} | ||
* | ||
* Untrusted connection test. | ||
* When board runs on HTTPS and ad tries to load a file from | ||
* HTTP source, browser throws a warning. We should prevent that. | ||
*/ | ||
public function run($ad_code) | ||
{ | ||
$is_https = $this->request->server('HTTPS', false); | ||
if ($is_https && preg_match('/http[^s]/', $ad_code)) | ||
{ | ||
return array( | ||
'severity' => 'warning', | ||
'message' => 'UNSECURE_CONNECTION', | ||
); | ||
} | ||
|
||
return false; | ||
} | ||
} |
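Review bot: `$this->request->server('HTTPS', false)` is used as a boolean in `run()`, but some servers set `HTTPS` to the string `off` for plain HTTP, which is truthy, and a board behind a TLS-terminating proxy may not have it set at all. phpBB's request class provides `is_secure()` for this, so `$is_https = $this->request->is_secure();` is the safer check. The pattern `/http[^s]/` is also looser than the docblock says: it fires on any lower-case `http` followed by a non-`s` character (an identifier such as `httpRequest`, for example) and misses `HTTP://`, whereas `preg_match('/\bhttp:\/\//i', $ad_code)` matches the scheme itself. The constructor docblock still reads "Construct an ad code analysis manager object", apparently copied from the manager.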
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
services: | ||
phpbb.ads.analyser.manager: | ||
class: phpbb\ads\analyser\manager | ||
arguments: | ||
- '@phpbb.ads.analyser.test_collection' | ||
- '@request' | ||
- '@template' | ||
- '@language' | ||
|
||
# ----- Analyser tests ----- | ||
phpbb.ads.analyser.test_collection: | ||
class: phpbb\di\service_collection | ||
arguments: | ||
- '@service_container' | ||
tags: | ||
- { name: service_collection, tag: phpbb.ads.analyser.test } | ||
|
||
phpbb.ads.analyser.test.alert: | ||
class: phpbb\ads\analyser\test\alert | ||
tags: | ||
- { name: phpbb.ads.analyser.test } | ||
|
||
phpbb.ads.analyser.test.location_href: | ||
class: phpbb\ads\analyser\test\location_href | ||
tags: | ||
- { name: phpbb.ads.analyser.test } | ||
|
||
phpbb.ads.analyser.test.script_without_async: | ||
class: phpbb\ads\analyser\test\script_without_async | ||
tags: | ||
- { name: phpbb.ads.analyser.test } | ||
|
||
phpbb.ads.analyser.test.untrusted_connection: | ||
class: phpbb\ads\analyser\test\untrusted_connection | ||
arguments: | ||
- '@request' | ||
tags: | ||
- { name: phpbb.ads.analyser.test } |